Overview
Some versions of exuberant-ctags, a source code navigation utility, create and use temporary files insecurely, leading to local file corruption and possible denial-of-service.
Description
Exuberent-ctags is a source code navigation utility. It creates temporary files with predictable names in /tmp. Prior to creation, the utility does not check for existence of the temporary files. These files are created world-readable. |
Impact
By creating symbolic links named as the temporary files, an attacker can cause exuberant-ctags to overwrite files writable by the user of exuberant-ctags. By creating similarly named files and protecting them against the user of exuberant-ctags, an attacker can deny use of this utility to a user. |
Solution
Apply vendor patches; see the Systems Affected section below. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was first reported by Colin Phipps.
This document was last modified by Tim Shimeall.
Other Information
| CVE IDs: | CVE-2001-0430 |
| Severity Metric: | 3.38 |
| Date Public: | 2001-04-15 |
| Date First Published: | 2001-09-17 |
| Date Last Updated: | 2001-09-17 19:25 UTC |
| Document Revision: | 4 |